Sphene Community Tools

Community

Copyright © 2007-2018 by Herbert Poul


A Django site.

Powered by Sphene Community Tools
Board » General » restricted access

I just recently came across SCT and did an svn co of communitydraft over the weekend.

Before delving into things too deeply I thought I would ask if some of my ideas were possible.

I was wanting to use SCT as a base for a site where ONLY a small number of users would have access to create content though any registered users could comment.

I was also wanting to restrict content creation and /admin/ access to https but allow registered users to comment via http.

Possible?
well .. the /admin/ restriction to HTTPS does not have too much to do with SCT .. i would simply create an apache rule (or whatever webserver you use) to restrict access to secure connections.. i don't think any python-magic is necessary here..


as for SCT access restrictions ... wiki content, blog posts (forum threads) are all created through the frontend, not the /admin/ section (the django admin interface is only used to create forums, configure permissions, etc.) - so this content would be created through normal HTTP .. there is no way to restrict it to HTTPS (except you do some magic.. like.. hooking into the login procedure to forward all admins to HTTPS while all normal users to HTTP.. )

as for real permissions.. it can be made quite easily that only admins can create/edit wiki pages.. and all users can add comments.. the same for forum threads/blog posts...

how this can be done depends on what content you want your admins to create :) but it should be possible quite easily ..
Hey, we have Signatures !!! Great, isn't it ? ;)
Hello Herbert,

Thanks for the reply.

> well .. the /admin/ restriction to HTTPS does not have too much to do with SCT


I was actually thinking of the cookie handling. Once someone has logged-in via https will their cookies also be secure?

> as for SCT access restrictions ... wiki content, blog posts (forum threads) are all created through the frontend, not the /admin/ section (the django admin interface is only used to create forums, configure permissions, etc.


Except, and this may be a misconfiguration by me, I created a blog post which was only editable through the admin interface. Plus I couldn't find a way of editing the tags of an already created blog post at all.


> - so this content would be created through normal HTTP .. there is no way to restrict it to HTTPS (except you do some magic.. like.. hooking into the login procedure to forward all admins to HTTPS while all normal users to HTTP.. )


OK. I'll have a look at that.

> as for real permissions.. it can be made quite easily that only admins can create/edit wiki pages.. and all users can add comments.. the same for forum threads/blog posts...


I had a look at the user permissions page in the admin interface but didn't see a way of changing comments access. Is a user required to be logged in to comment by default?

As an aside, on my system, the user permissions are too wide to fit into the two scroll boxes - is this the sort of thing to be reported in the issues thread?

Regards,
Iain.

--- Last Edited by iain at 2008-10-06 16:21:01 ---
> I was actually thinking of the cookie handling. Once someone has logged-in via https will their cookies also be secure?

this is part of django .. but the cookie is set on the first request - not when they login (every user has a session)

you can look into the django code: django/contrib/sessions/middleware.py .. here it is set:

    response.set_cookie(settings.SESSION_COOKIE_NAME,
            request.session.session_key, max_age=max_age,
            expires=expires, domain=settings.SESSION_COOKIE_DOMAIN,
            path=settings.SESSION_COOKIE_PATH,
            secure=settings.SESSION_COOKIE_SECURE or None)


this is all part of django .. it has basically nothing specific to do with SCT :)
i guess you have to invest a bit of thinking here .. you probably need your own session middleware to customize how the cookie is set.. especially because you want only privileged users to have secure cookies..

although in general .. i'm not 100% sure if it is worth the effort.. you must make sure that there is never a privileged user with an insecure cookie.. so as soon as the user logs in .. you need to invalidate the old session and create a new, secure session or something like it..

maybe you could ask that question on the django mailing list .. (if there is nothing i'm missing that would be SCT specific :) )



> Except, and this may be a misconfiguration by me, I created a blog post which was only editable through the admin interface.


hmm.. it seems you are right.. i obviously forgot to add an edit link to the blog template :)
if you are using the default template just update from SVN and you should have one beside the date..

otherwise add the following code to your template:
            {% if post.allowEditing %}
              <a href="{{ post.get_absolute_editurl }}">{% trans "Edit" %}</a>
            {% endif %}



> I had a look at the user permissions page in the admin interface but didn't see a way of changing comments access. Is a user required to be logged in to comment by default?


by default.. yes.. a comment in a blog-sense is a reply .. the blog post itself is the 'new thread'.

- btw. are we talking about the basic permissions you configure in the admin page of the category (Allowview, Allowthread, Allowpost) or "role" permissions ?

(allowthread = creating of new threads.. creating of blog posts .... allowpost = creating of replies .. creating of comments)


> As an aside, on my system, the user permissions are too wide to fit into the two scroll boxes - is this the sort of thing to be reported in the issues thread?


unfortunately i have no idea where there are two scroll boxes :)
maybe you could provide me with a url .. or screenshot or something like that :)

cu,
herbert
Hey, we have Signatures !!! Great, isn't it ? ;)
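
The session handling discussed in the reply above (a Secure cookie only for privileged users, and a fresh session at login so no privileged user ever holds a key that crossed plain HTTP), as an added example that is not part of the original posts and is not Django or SCT code. It is a standard-library model of the logic; `PRIVILEGED`, `new_session`, `login` and `authenticate` are hypothetical names, and the store is a plain dict standing in for the session table.

```python
import secrets
from http.cookies import SimpleCookie

COOKIE_NAME = "sessionid"
PRIVILEGED = {"editor"}  # constructed sample: accounts allowed to create content


def new_session(store, user=None, secure=False):
    """Create a server-side session record in `store` (a plain dict here)."""
    key = secrets.token_urlsafe(32)
    store[key] = {"user": user, "secure": secure}
    return key


def session_cookie(key, secure):
    """Build the Set-Cookie value; Secure keeps the key off plain-HTTP requests."""
    cookie = SimpleCookie()
    cookie[COOKIE_NAME] = key
    morsel = cookie[COOKIE_NAME]
    morsel["path"] = "/"
    morsel["httponly"] = True
    if secure:
        morsel["secure"] = True
    return morsel.OutputString()


def login(store, old_key, user, is_https):
    """Rotate the session at login: drop the pre-login key, issue a new one."""
    privileged = user in PRIVILEGED
    if privileged and not is_https:
        raise PermissionError("privileged login requires HTTPS")
    store.pop(old_key, None)  # the anonymous key may have travelled in cleartext
    key = new_session(store, user=user, secure=privileged)
    return key, session_cookie(key, secure=privileged)


def authenticate(store, key, is_https):
    """Return the user for a request; refuse secure sessions seen over HTTP."""
    session = store.get(key)
    if session is None:
        return None
    if session["secure"] and not is_https:
        store.pop(key, None)  # key was exposed on an insecure channel: revoke it
        return None
    return session["user"]
```

The server-side `secure` flag on the session record is what enforces the rule; the cookie's Secure attribute only stops a well-behaved browser from sending the key over HTTP.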
> unfortunately i have no idea where there are two scroll boxes :)
> maybe you could provide me with a url .. or screenshot or something like that :)

Sorry, should have been more precise.

In the /admin/ section for user preferences on the included dev server it is located at
http://127.0.0.1:8000/admin/auth/user/1/

Screenshot attached.

I am now installing SCT onto Apache with mod_python to test some of the other points.

Regards,
Iain.
ah ok .. i guess that's the confusion ..
SCT actually never uses those permissions.. they are just autocreated by django .. (i was basically too lazy to find a way to circumvent this..)

permissions in SCT either use 'Group' (community groups, not django groups :) ) or 'Role' .. i think for you it should be sufficient to add your privileged users to your community Group (by default this is the 'example' group) and then edit the category.. and change 'allowthreads' to 'Members of the group', 'allowreplies' to either 'All users' (to allow anonymous posts) or only 'Loggedin Users' depending on your needs..

Hey, we have Signatures !!! Great, isn't it ? ;)
> permissions in SCT either use 'Group' (community groups, not django groups :) ) or 'Role'

Ahhh, right. I thought they weren't doing anything.

Did an "svn up" last night and now have an edit link for the blog posts. Cool!
